Положение о защите персональных данных

Schattdecor takes data protection extremely seriously. Your satisfaction is our utmost priority, and an important part of our commitment to you is our responsibility to protect your privacy. In principle you can use our home page without providing any personal data.

We do make every effort to provide an optimal experience to our home page visitors. For quality assurance purposes, or because you want to contact us (e.g. via e-mail), there are some situations that may arise in which personal data is collected. We collect, process, and use your personal data only in compliance with the principles described below and in accordance with applicable data protection laws.

This data protection statement aims to answer any questions you may have about the protection of your personal data.

Who is responsible for processing my data?

The controller as defined in the EU General Data Protection Regulation, other data protection laws in force in member states of the European Union, and other data protection-related legal provisions is:

What is data processing?

Scope of personal data processing

We process the personal data of individuals visiting our website only where absolutely required for the provision of a functional website or of our content and services. We only process the personal data of our users with their consent, except where obtaining consent in advance is not possible or where data is permitted to be processed by law.

Legal basis for processing personal data

If we obtain the consent of the data subject to process personal data, then Article 6 par. 1 (a) of the EU General Data Protection Regulation (GDPR) applies as the legal basis.

If processing personal data is required in order to fulfill a contract, whereby the data subject is a party to the contract, Article 6 par. 1 (b) GDPR applies as the legal basis. This is also the legal basis for processing required in order to perform pre-contractual tasks.

If processing of personal data is required in order for our company to fulfill a legal obligation, Article 6 par. 1 (c) GDPR applies as the legal basis.

If interests which are essential for the life of the data subject or that of another natural person make the processing of personal data necessary, Article 6 par. 1 (d) GDPR applies as the legal basis.

If processing personal data is necessary in order to protect a legitimate interest of our company or a third party and this interest outweighs the interests, fundamental rights, and freedoms of the data subject, Article 6 par. 1 (f) GDPR applies as the legal basis.

Data deletion and storage duration

Personal data is deleted or restricted from processing as soon as the purpose of its storage no longer applies. It may also be stored if necessary under European or national law, in Union regulations, laws, or other legal stipulations to which the controller is subject. The data is restricted from processing or deleted when a retention period prescribed by the aforementioned regulations expires, unless storing the data is required in order to conclude or fulfill a contract.

What sort of personal data is processed?

Access data

We collect data every time our website is accessed (in what’s known as “server log files”). Access data includes the date and time of access, the data quantity transferred, a message about successful access, the browser type and version, the operating system of the website visitor, and the referrer URL (the page you were visiting which directed you to our website). The IP addresses of the user or other data that can be used to identify a user are not affected here. This data is not stored together with other personal data of the user.

Data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and ensure the security of our IT systems. The data is not analyzed for marketing purposes in this case. Our legitimate interest in data processing for these purposes is based on Article 6 par. 1 (f) GDPR.

The server log files are deleted after 14 days.

Collecting the data in order to provide the website and storing the data in log files is compulsory in order to operate the website. The user does not have the option to object in this case.

Cookies

We use “session cookies” when users log in to secured areas (with username and password) of the website, in order for the page visitor to be identified for the duration of their visit. The session cookies contain some of the log-in data in encrypted form. We do not use other types of cookies.

Session cookies are used for the purpose of making use of the website easier. Some functions of our website cannot be offered without using cookies. Our legitimate interest in processing personal data for these purposes is based on Article 6 par. 1 (f) GDPR.

Cookies are stored on the user’s computer and transferred from the computer to us. For this reason, you as the user have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings for your web browser. Cookies which have already been stored can be deleted at any time. This can also be carried out automatically. If cookies are disabled for our website, some of the functions of the website may no longer be available as a result. When the session ends the session cookies automatically expire.

E-mail contact

You can get in touch with us using the e-mail addresses provided on our website. The user’s personal data which is transferred with the e-mail is stored in this case. This data is not passed on to third parties. The data is only used to process the conversation.

The legal basis for processing the data transferred in the course of sending an e-mail is Article 6 par. 1 (f) GDPR. If the purpose of making contact via e-mail is to conclude a contract, the additional legal basis for processing is Article 6 par. 1 (b) GDPR.

The personal data from the e-mail is only used to process the conversation. The other personal data processed during sending is used to prevent misuse and ensure the security of our IT systems.

The data is deleted as soon as it is no longer required for the purpose of its collection. In the case of personal data sent via e-mail, it is deleted when the conversation with the user ends. The conversation ends when the matter being discussed can be determined to be concluded.

The user has the option of withdrawing their consent to process their personal data at any time. If the user contacts us by e-mail, they can also object to the storage of their personal data at any time. In this case the conversation cannot be continued.

Applications

We are happy that you are interested in Schattdecor and are applying or have applied to work with us. The following provides information on how your personal data is processed in connection with your application.

The legal basis for processing your personal data during the application process is primarily section 26 of the German Federal Data Protection Act (BDSG) dated May 25, 2018. According to this law, data which is required in connection with making a recruitment decision can legally be processed. If the data is required after the application process for any legal proceedings, the data can be processed based on the requirements of Article 6 GDPR, especially for the purposes of protecting legitimate interests in accordance with Article 6 par. 1 (f) GDPR. Our interest in this case would be to make or defend a legal claim.

We process the data that you have sent to us in connection with your application in order to determine your suitability for the role (or other open roles in our company) and go through the application process. Your application data is reviewed by our Human Resources department upon receipt. Suitable applications are then forwarded internally to the relevant department managers for the open role in question. The next course of action is then decided. Within the company, only the people who need your data in order to process your application are able to access your data.

Applicant data is deleted after six months if the application is rejected. We will keep your data in our pool of applicants if you agree to the storage of your personal data. In this case the data will be deleted after a period of two years. If you are sent an offer in response to your application, the data will be transferred from the applicant data system to our personnel information system.

Google Analytics

We use Google Analytics, a web analysis service offered by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files that are stored on the website visitor’s computer to allow an analysis of your use of the website. The information concerning the visitor’s use of this website that is generated by the cookies is generally transmitted to a server operated by Google in the USA and stored there.

If IP anonymization is activated on this website, Google will truncate the site visitor’s IP address within member states of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and stored there. IP anonymization is activated on this website. Google uses this information on behalf of the website operator to evaluate the visitor’s use of the website, compile website activity reports, and provide further services associated with the use of both the website in particular and the Internet in general to the website operator.

The IP address transmitted from your browser as part of Google Analytics is not compiled with other Google data. The site visitor can adjust their browser settings to prevent cookies from being stored; if this is done, however, please be aware that you then may not be able to use the full scope of functions offered by this website.

The site visitor can also prevent the collection of data generated by the cookies and related to their use of the application (including their IP address) and the processing of this data by Google by downloading and installing the browser plug-in provided at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

You can prevent data collection by Google Analytics by clicking on the following link. An opt-out cookie is set, which prevents the future collection of your data when visiting this website:click here to set the opt-out cookie

Instagram functions are incorporated on our site. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged in to your Instagram account you can link the content of our website to your Instagram profile by clicking the Instagram button. As a result, Instagram can link information about your visit to our site to your user account. Please note that as the website operator we do not know what data is transferred to Instagram or how it is used by Instagram.

Our website also uses plug-ins for YouTube, which is run by Google. The page operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages that features a YouTube plug-in, a connection is established with YouTube servers. The YouTube server is then notified of which of our pages you have visited.

If you are logged in to your YouTube account, YouTube is able to directly assign your Internet surfing behavior to your personal profile. You can prevent this by logging out of your YouTube account.

We incorporate our trend books (e-paper) on our website using Yumpu.com (“Yumpu”), a service offered by i-magazine AG. When you open online magazines on our website, a connection is established with Yumpu servers in Switzerland. Accessing the online magazines requires Yumpu to receive the user’s IP address, as without the IP address the content cannot usually be sent to your browser.